Legal claims defining the scope of protection, as filed with the USPTO.
1. A method comprising: intercepting, by a tokenization gateway computer-based system, sensitive data prior to the sensitive data reaching a cloud application in an externally hosted system, wherein the sensitive data is being uploaded to the externally hosted system; encrypting, by the tokenization gateway computer-based system and in response to the intercepting, the sensitive data to create encrypted sensitive data; associating, by the tokenization gateway computer-based system, a file path with the encrypted sensitive data; generating, by the tokenization gateway computer-based system and in response to the encrypting, a token comprising a data identifier; tokenizing, by the tokenization gateway computer-based system and in response to the generating, the encrypted sensitive data, wherein the tokenizing comprises mapping the encrypted sensitive data to the token; storing, by the tokenization gateway computer-based system and in response to the tokenizing, the token to the cloud application, wherein the cloud application comprises a software application that functions within the externally hosted system, wherein the externally hosted system includes a cloud computing environment; storing, by the tokenization gateway computer-based system and in response to the storing the token to the cloud application, the encrypted sensitive data to a token vault internal to the tokenization gateway computer-based system, wherein the token vault comprises a data storage system; retrieving, by the tokenization gateway computer-based system, the token from the cloud application in response to a request from the computer-based system for the token from the cloud application, reading, by the tokenization gateway computer-based system, the file path associated with the token; and in response to the reading the file path associated with the token, receiving and decrypting, by the tokenization gateway computer-based system, the encrypted sensitive data.
2. The method of claim 1, wherein the token comprises the file path, wherein the file path comprises a directory location of the encrypted sensitive data within the data storage system.
3. The method of claim 2, wherein the token comprises a randomly generated value, and wherein a mapping table is stored in the token vault, wherein the mapping table maps the encrypted sensitive data to the token.
4. The method of claim 3, further comprising receiving, by the tokenization gateway computer-based system, a request for the sensitive data.
5. The method of claim 1, further comprising identifying, based upon the token associated with the encrypted sensitive data, the encrypted sensitive data.
6. A system comprising: a tangible, non-transitory memory communicating with a tokenization gateway processor, the tangible, non-transitory memory having instructions stored thereon that, in response to execution by the tokenization gateway processor, cause the tokenization gateway processor to perform operations comprising: intercepting, by the tokenization gateway processor, sensitive data prior to the sensitive data reaching a cloud application in an externally hosted system, wherein the sensitive data is being uploaded to the externally hosted system; encrypting, by the tokenization gateway processor and in response to the intercepting, the sensitive data to create encrypted sensitive data; associating, by the tokenization gateway processor, a file path with the encrypted sensitive data; generating, by the tokenization gateway processor and in response to the encrypting, a token comprising a data identifier; tokenizing, by the tokenization gateway processor and in response to the generating, the encrypted sensitive data, wherein the tokenizing comprises mapping the encrypted sensitive data to the token; storing, by the tokenization gateway processor and in response to the tokenizing, the token to the cloud application, wherein the cloud application comprises a software application that functions within the externally hosted system, wherein the externally hosted system includes a cloud computing environment; storing, by the tokenization gateway processor and in response to the storing the token to the cloud application, the encrypted sensitive data to a token vault internal to the tokenization gateway processor, wherein the token vault comprises a data storage system; retrieving, by the tokenization gateway processor, the token from the cloud application in response to a request from the tokenization gateway processor for the token from the cloud application, reading, by the tokenization gateway processor, the file path associated with the token; and in response to the reading the file path associated with the token, receiving and decrypting, by the tokenization gateway processor, the encrypted sensitive data.
7. The system of claim 6, wherein the token comprises the file path, wherein the file path comprises a directory location of the encrypted sensitive data within the data storage system.
8. The system of claim 7, wherein the token comprises a randomly generated value, and wherein a mapping table is stored in the token vault, wherein the mapping table maps the encrypted sensitive data to the token.
9. The system of claim 8, further comprising receiving, by the tokenization gateway processor, a request for the sensitive data.
10. The system of claim 6, further comprising identifying, based upon the token associated with the encrypted sensitive data, the encrypted sensitive data.
11. An article of manufacture including a non-transitory, tangible computer readable storage medium having instructions stored thereon that, in response to execution by a tokenization gateway computer-based system, cause the computer-based system to perform operations comprising: intercepting, by the tokenization gateway computer-based system, a sensitive document prior to the sensitive document reaching a cloud application in an externally hosted system, wherein the sensitive document is being uploaded to the externally hosted system; encrypting, by the tokenization gateway computer-based system and in response to the intercepting, the sensitive document to create an encrypted sensitive document; associating, by the tokenization gateway computer-based system, a file path with the encrypted sensitive document; generating, by the tokenization gateway computer-based system and in response to the encrypting, a token comprising a document identifier; tokenizing, by the tokenization gateway computer-based system and in response to the generating, the encrypted sensitive document, wherein the tokenizing comprises associating the token with the encrypted sensitive document; storing, by the tokenization gateway computer-based system and in response to the tokenizing, the token to the cloud application, wherein the cloud application comprises a software application that functions within the externally hosted system, wherein the externally hosted system includes a cloud computing environment; storing, by the tokenization gateway computer-based system and in response to the storing the token to the cloud application, the encrypted sensitive document to an internal to the tokenization gateway computer-based system, wherein the token vault comprises file storage system; retrieving, by the computer-based system, the token from the cloud application in response to a request from the computer-based system for the token from the cloud application, reading, by the tokenization gateway computer-based system, the file path associated with the token; and in response to the reading the file path associated with the token, receiving and decrypting, by the tokenization gateway computer-based system, the encrypted sensitive document.
12. The article of claim 11, wherein the token comprises the file path, wherein the file path comprises a directory location of the encrypted sensitive document within the document storage system.
13. The article of claim 12, wherein the token comprises a randomly generated value, and wherein a mapping table is stored in the token vault, wherein the mapping table maps the encrypted sensitive document to the token.
14. The article of claim 13, further comprising receiving, by the tokenization gateway computer-based system, a request for the sensitive document.
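The flow recited in claims 1 to 3 (encrypt, generate a random token, map it to a file path, keep the ciphertext in the vault, later read the path and decrypt), sketched as an added example that is not code from the patent or its assignee. Assumptions: AES-256-GCM as the cipher, in-memory maps standing in for the token vault and mapping table, the `/vault/...` path layout, and the hypothetical names `Gateway`, `Tokenize` and `Detokenize`; binding the token as associated data is this example's hardening choice, not a claim element.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/hex"
	"fmt"
)

// Gateway is a hypothetical in-memory model of the claimed tokenization gateway.
type Gateway struct {
	aead  cipher.AEAD
	paths map[string]string // mapping table: token -> file path
	vault map[string][]byte // token vault: file path -> nonce || ciphertext
}

func NewGateway(key [32]byte) *Gateway {
	block, _ := aes.NewCipher(key[:]) // AES-256-GCM is this example's choice; a 32-byte key cannot fail
	aead, _ := cipher.NewGCM(block)
	return &Gateway{aead, map[string]string{}, map[string][]byte{}}
}

// Tokenize encrypts data into the vault; the returned random token doubles as AAD.
func (g *Gateway) Tokenize(data []byte) (string, error) {
	buf := make([]byte, 16+g.aead.NonceSize())
	if _, err := rand.Read(buf); err != nil {
		return "", err
	}
	token, nonce := hex.EncodeToString(buf[:16]), buf[16:]
	g.paths[token] = "/vault/" + token[:2] + "/" + token + ".enc" // constructed layout
	g.vault[g.paths[token]] = append(nonce, g.aead.Seal(nil, nonce, data, []byte(token))...)
	return token, nil
}

// Detokenize reads the file path for a token, then fetches and decrypts the record.
func (g *Gateway) Detokenize(token string) ([]byte, error) {
	rec, n := g.vault[g.paths[token]], g.aead.NonceSize()
	if len(rec) < n {
		return nil, fmt.Errorf("unknown token %q", token)
	}
	return g.aead.Open(nil, rec[:n], rec[n:], []byte(token))
}

func main() {
	g := NewGateway([32]byte{}) // constructed all-zero demo key
	tok, _ := g.Tokenize([]byte("constructed sample record"))
	pt, err := g.Detokenize(tok)
	fmt.Println(tok, string(pt), err)
}
```

Only the token leaves the gateway; because it is authenticated as associated data, a vault record copied under a different token's path fails decryption instead of returning another record's plaintext.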
December 13, 2016